Mind the Gap: Where Rail Suppliers Lose Points in Audits 

What is the RISQS RICCL List?

Introduction 

Even the most experienced rail suppliers can stumble when it comes to audits. Whether it’s RISQS, ISO, or an internal client review, small details often make the difference between a clean pass and a corrective action. And while no one enjoys the pressure of audit season, most issues come down to a handful of recurring and entirely fixable mistakes.

Audits aren’t designed to catch you out—they’re there to confirm that your systems genuinely support safety, quality, and compliance. The problem is, day-to-day demands often push those systems into the background. This article takes a candid look at where rail suppliers typically lose points and, more importantly, how to close the gaps before the auditor arrives.

 

1. The Usual Suspects: Top Audit Weak Points for Rail Suppliers

While every business is different, the same themes appear again and again during audits. Here are the most common areas where rail suppliers lose ground:

1.1 Documentation Drift

Policies and procedures that were once pristine gradually become outdated. Maybe a process has changed but the manual hasn’t been updated, or perhaps multiple versions of a form are floating around the office. Auditors quickly notice version control issues, missing sign-offs, or uncontrolled copies of documents.

Example: One supplier recently picked up findings in their RISQS renewal because their safety management plan hadn’t been reviewed in over two years—despite the fact that their on-site practices were excellent.

1.2 Training and Competence Gaps

Incomplete or missing records are one of the biggest causes of non-conformances. Rail is a safety-critical environment, so if even one employee’s qualification has expired or can’t be evidenced, it raises red flags.

Example: A contractor lost audit points because they couldn’t demonstrate that temporary workers had received site-specific inductions—even though they had, informally.

1.3 Risk Assessments Without Follow-Through

Risk assessments may exist on paper, but auditors want to see that findings are acted upon. If hazards are identified without assigned actions, completion tracking, or review dates, it signals a lack of control.

1.4 Non-Conformance Follow-Up

Logging incidents or non-conformances is a strong start—but failing to close them properly is a common mistake. Auditors look for evidence of investigation, corrective action, and lessons learned.

1.5 Subcontractor Oversight

Many suppliers work with subcontractors or labour providers but don’t monitor them consistently. RISQS requires that subcontractor competence, insurance, and safety standards are regularly checked. If you can’t prove that your supply chain meets the same standards you do, it becomes a compliance risk.

2. Why These Gaps Matter

These issues might seem minor, but in the context of an audit, they carry weight. A missing signature or outdated procedure isn’t just paperwork—it represents a potential breakdown in control. In a sector as tightly regulated as rail, consistency and traceability matter.

Beyond the audit score itself, gaps in documentation, training, or oversight can impact your reputation. Buyers and auditors view good record-keeping and follow-through as indicators of professionalism and reliability. In other words, how you manage compliance is seen as a reflection of how you manage your business.

3. Closing the Gaps: Practical Fixes That Work

The good news? Most audit findings are entirely preventable. Here are some tried-and-tested strategies to strengthen your systems before the next audit:

  • Keep a Compliance Calendar: Schedule reminders for internal audits, document reviews, training renewals, and management meetings. Consistency is key.

  • Run Quarterly Mini-Audits: Don’t wait until the official audit to check compliance. Small, frequent reviews will catch problems early.

  • Link Non-Conformance Reports to Action Logs: Every issue logged should link to a clear action plan, responsible person, and completion date.

  • Train Admin Teams on Document Control: Ensure everyone understands version management, approval workflows, and how to retire old documents.

  • Centralise Your Records: Use a shared digital system or secure cloud storage to avoid duplication and confusion.

Pro Tip: Keep your audit evidence simple, consistent, and clearly labelled. The easier it is for you to explain, the easier it is for auditors to follow.

Keep your audit evidence simple, consistent, and clearly labelled.

4. Lessons from the Field: Patterns We See as Consultants

At Simpson Consultancy, we’ve supported hundreds of rail suppliers through RISQS, ISO, and internal audits. What we see most often isn’t poor performance—it’s disorganisation. Teams are usually doing the right things but struggling to evidence them clearly.

For example, health and safety briefings might be happening weekly, but without a sign-in sheet or digital record, auditors can’t verify participation. Or a business might have impeccable environmental practices but no documented objectives or monitoring data. A simple system for capturing and organising evidence can turn a borderline audit into a confident pass.

External reviews or pre-audit checks often uncover these blind spots. They bring a fresh set of eyes and ensure your processes are aligned with current standards and RISQS expectations.

5. Building Long-Term Audit Confidence

Passing one audit is great. Passing every audit with consistency is even better. That level of confidence comes from embedding compliance into daily routines rather than treating it as a once-a-year scramble.

  • Make compliance part of team KPIs and performance reviews.

  • Provide regular refresher training to keep awareness high.

  • Review policies and procedures whenever operational changes occur.

  • Encourage staff to flag issues early—auditors appreciate transparency more than perfection.

Embedding compliance into your culture also supports continuous improvement. It moves your business beyond reactive fixes toward proactive management—the hallmark of a mature, trusted supplier.

Embedding compliance into your culture

6. How Simpson Consultancy Can Help

If your next audit feels a little too close for comfort, we can help you prepare with confidence. At Simpson Consultancy, we provide:

  • Independent pre-audit reviews to identify gaps.

  • Documentation and policy templates aligned with RISQS and ISO standards.

  • Internal audit training and ongoing compliance support.

We don’t just prepare you for audits—we help you build the systems to pass them consistently.

Get in touch today for a free, no-obligation quote and discover how we can simplify your compliance process while strengthening your business.

Conclusion 

Most audit findings aren’t the result of major failures—they’re small, predictable gaps that add up over time. By addressing them early, keeping documentation organised, and embedding compliance into your culture, you can approach every audit with confidence.

For suppliers committed to growth and reputation in the rail industry, mastering these fundamentals isn’t just about passing audits—it’s about proving that safety, quality, and reliability are at the core of everything you do.

RISQS
FIND OUT MORE

Need Support?

Ready to get started? Learn more about RISQS audit support here: https://simpsonconsultancy.co.uk/risqs/

Contact us today for a no-obligation consultation and let us help you achieve RISQS certification with confidence.

Contact Us For a Free Quote

Get in Touch